<?php
namespace application\views;

class API extends \application\auth\API {

	public function load() {
		global $concerto;
		$queryVars = $concerto->queryVars;
		header('Content-type: application/json');
		switch($concerto->requestMethod) {
			
			/*
			 * GET
			 *
			 * Displays JSON content according to query variables
			 */
			case 'get':
			case 'GET':
				$execute = TRUE;
				switch($queryVars['display']) {
					case 'rating':
						$execute = Modulator()->runFilter('api_get_rating', $execute);
						if($execute) {
							$rating = DB()->getRow("SELECT AVG(`feedback_rating`) as `average`, COUNT(`feedback_id`) as `count` FROM `cn_feedback` WHERE `feedback_content`='".getQueryVar('id')."'");
							echo json_encode(array('rating'=>round($rating->average, 1), 'count'=>$rating->count));
						}
						else {
							echo json_encode(array(
								'status'=>'error',
								'error'=>'Permission denied.'
							));
						}	
						break;
					case 'content_type':
						$execute = Modulator()->runFilter('api_get_content_type', $execute);
						if($execute) {
							$types = DB()->getResults("SELECT * FROM `cn_content_types` ORDER BY `ct_title`");
							echo json_encode(array('status'=>'success', 'data'=>$types));
						}
						else {
							echo json_encode(array(
								'status'=>'error',
								'error'=>'Permission denied.'
							));
						}
						break;
					case 'content':
						$execute = Modulator()->runFilter('api_get_content', $execute);
						if($execute) {
							$query = $concerto->ContentQuery->buildQuery($queryVars);	
							$results = DB()->getResults($query);
							echo json_encode(\application\utilities\Utility::arrayFunction($results, 'mysql_real_escape_string'));	
						}
						else {
							echo json_encode(array(
								'status'=>'error',
								'error'=>'Permission denied.'
							));
						}	
						break;
					case 'user':
						$execute = Modulator()->runFilter('api_get_user', $execute);
						if($execute) {
							$query = $concerto->UsersQuery->buildQuery($queryVars);
							$results = DB()->getResults($query);
							echo json_encode(\application\utilities\Utility::arrayFunction($results, 'mysql_real_escape_string'));
						}
						else {
							echo json_encode(array(
								'status'=>'error',
								'error'=>'Permission denied.'
							));
						}	
						break;
					case 'tags':
						$execute = Modulator()->runFilter('api_get_tags', $execute);
						if($execute) {
							// This is the only thing we use a tags query for at the moment, so just render it here
							$queries = array();
							if($group = getQueryVar('group')) {
								$queries[] = "`tag_group` = '$group'";
							}
							if($type = getQueryVar('type')) {
								$queries[] = "`tag_content_type` ='$type'";
							}
							if($search = getQueryVar('search')) {
								$queries[] =  "`tag_title` LIKE '%$search%'";
							}
							if($queries) {
								$query = "SELECT * FROM `cn_tags` WHERE ".implode(' AND ', $queries);
							}
							else {
								$query = "SELECT * FROM `cn_tags`";
							}
							$results = DB()->getResults($query);
							echo json_encode(\application\utilities\Utility::arrayFunction($results, 'mysql_real_escape_string'));
						}
						else {
							echo json_encode(array(
								'status'=>'error',
								'error'=>'Permission denied.'
							));
						}
						break;
					default:
						Modulator()->runFunction('api_get_request', $queryVars['display']);
						break;
				}
				break;
			case 'post':
			case 'POST':
				$execute = FALSE;
				
				$host = parse_url(CN_URL);
				$client = parse_url($_SERVER['HTTP_REFERER']);
				if($host['host'] == $client['host']) $execute = TRUE;
				switch($_REQUEST['object']) {
					case 'content':
						$execute = Modulator()->runFilter('api_post_content', $execute);
						if($execute) {
							if($_REQUEST['content_id'])
								$content = new \application\models\Content('id='.$_REQUEST['content_id']);
							else
								$content = new \application\models\Content('type='.$_REQUEST['content_type']);
							$save = $content->save();
							echo json_encode($save);
						}
						else {
							echo json_encode(array(
								'status'=>'error',
								'error'=>'Permission denied.'
							));
						}
						break;
					case 'tag':
						$execute = Modulator()->runFilter('api_post_tag', $execute);
						if($execute) {
							$tag = new \application\models\Tag;
							$tag->create(array(
								'title'=>$_REQUEST['title'],
								'contentType'=>$_REQUEST['contentType'],
								'type'=>$_REQUEST['type'],
								'group'=>$_REQUEST['group'],
								'order'=>$_REQUEST['order'],
								'id'=>$_REQUEST['tag_id']
							));
							$save = $tag->save();
							echo json_encode($save);
						}
						else {
							echo json_encode(array('status'=>'error', 'error'=>'Permission denied.'));
						}
						break;
					case 'feedback':
						$execute = Modulator()->runFilter('api_post_feedback', $execute);
						if($execute) {
							$feedback = new \application\models\Feedback;
							$save = $feedback->save();
							echo json_encode($save);
						}
						else {
							echo json_encode(array('status'=>'error', 'error'=>'Permission denied.'));
						}
						break;
					case 'userContentRelation':
						$execute = Modulator()->runFilter('api_post_userContentRelation', $execute);
						if($execute) {
							$relation = new \application\models\UserContentRelation($_REQUEST['id']);
							$relation->create(array('content'=>$_REQUEST['content'], 'user'=>$_REQUEST['user'], 'interaction'=>$_REQUEST['interaction'], 'timestamp'=>date('Y-m-d H:i:s', strtotime($_REQUEST['timestamp']))));
							$save = $relation->save();
							echo json_encode($save);
						}
						else {
							echo json_encode(array('status'=>'error', 'error'=>'Permission denied.'));
						}
						break;
					default:
						Modulator()->runFunction('api_post_request', $_REQUEST['object']);
						break;
						
				}
				Modulator()->runFunction('api_post_request_finish', $save);
				break;
			case 'delete':
			case 'DELETE':
				$execute = FALSE;
				$execute = Modulator()->runFilter('api_delete_'.$_REQUEST['object'], $execute);
				if($execute) {
					switch($_REQUEST['object']) {
						case 'content':
							$content = new \application\models\Content('id='.$_REQUEST['id']);
							$content->delete();
							echo json_encode(array(
								'status'=>'success'
							));
							break;
						case 'user':
							$user = new \application\models\User($_REQUEST['id']);
							$user->delete();
							echo json_encode(array(
								'status'=>'success'
							));
							break;
						case 'tag':
							$tag = new \application\models\Tag($_REQUEST['id']);
							$tag->delete();
							echo json_encode(array(
								'status'=>'success'
							));
							break;
						case 'feedback':
							$feedback = new \application\models\Feedback($_REQUEST['id']);
							$feedback->delete();
							echo json_encode(array(
								'status'=>'success'
							));
							break;
						case 'userContentRelation':
							$relation = new \application\models\UserContentRelation($_REQUEST['id']);
							$relation->delete();
							echo json_encode(array(
								'status'=>'success'
							));
							break;
					}
					
				}
				else {
					echo json_encode(array('status'=>'error', 'error'=>'Permission denied.'));
				}
				break;
		}	
		
		
		
	}
}
?>